Advances in computer technology have prompted the development of frameworks that address security and user requirements in the software development lifecycle.
This article examines several established SDLC frameworks, as well as two frameworks that specifically incorporate risk and security elements. With growing cybersecurity threats, organizations must design and upgrade software applications with security in mind, while still providing users the high performance levels they expect.
Steps in the SDLC
Due to the unique nature of software development, the SDLC process is far from straightforward and, as shown in the flow chart below, includes many loops. These loops help ensure issues are thoroughly checked and verified before software is deployed. Document each step and supporting activities carefully, as those documents will be used throughout the development, testing, training and deployment phases and may be used as evidence for audits.
The seven steps of the SDLC are the following:
- Analysis. In this step, the current system or process is analyzed, deficiencies are identified, and desired operating parameters and results are defined. Interviews should be conducted with primary users of the new app, as well as senior leaders whose approval is needed. During this step, developers should prepare a presentation for senior IT and company leadership to ensure they support the project.
Note: Secure management approval and funding before proceeding with the SDLC process.
- Plans and requirements. Once the project is approved, define the new system’s features and capabilities. A project plan should be created at this stage, and developers should clearly state how previous deficiencies will be addressed in the new system. If a spreadsheet or project management software is used, build out the project plan, including subactivities within each major step.
- Design. Begin developing the system design, including elements such as hardware, OSes, specialized utilities, I/O, software development tools, communications, security, programming, testing and deployment. Additional activities include project kickoff, operating procedures and related documents, system specifications and potential…